1. Data protection at a glance

General information

We, AMS Advanced Medical Systems GmbH, are responsible for this online offering and, as a provider of a teleservice, are obliged to inform you at the beginning of your visit to our online offering about the type, scope and purpose of the collection and use of personal data in a precise, transparent, understandable and easily accessible form in clear and simple language. The content of the information must be available to you at any time. We are therefore obliged to inform you which personal data is collected or used. Personal data is all information that relates to an identified or identifiable natural person.

We attach great importance to the security of your data and compliance with data protection regulations. The collection, processing and use of personal data is subject to the provisions of the currently applicable European and national laws.

With the following privacy policy we would like to show you how we handle your personal data and how you can contact us.

Note on the responsible body

The responsible body for data processing on this website is:

AMS Advanced Medical Systems GmbH (AMS GmbH)
Managing Director: Dr. rer. nat. Frank Beck
Hauptstraße 26
D-97990 Weikersheim
Phone: 07934 / 99 34 89 0
Fax 07934 / 99 34 89 44
E-mail:

The responsible body is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).

2. Definitions

Under personal data means all information that relates to an identified or identifiable natural person. This includes, for example, your name, address or email address.

The GDPR Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

We process, collect and use your personal data exclusively on the basis of the GDPR and this following data protection declaration.

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Responsible is a natural or legal person, public authority, agency or other body which, alone or jointly with others, decides on the purposes and means of processing personal data.

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Recipient means a natural or legal person, public authority, agency or other body to which personal data is disclosed, whether a third party or not.

Third means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons authorised to process personal data under the direct authority of the controller or processor.

Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes in the form of a statement or other unambiguous confirmatory act by which he or she indicates his or her agreement to the processing of personal data concerning him or her.

3. Scope and purpose of processing personal data

3.1. Accessing the website

When you visit this website www.ams-ag.de The Internet browser used by the visitor automatically sends data to the server of this website and stores it in a log file for a limited time. The following data is stored without further input from the visitor until it is automatically deleted:

• Name of the retrieved web page or file
• Date and time of access by the visitor
• amount of data transferred
• Message about successful retrieval
• the browser type and version used by the user / visitor
• the operating system of the user / visitor
• Referrer URL (the page previously visited by the visitor)
• User's IP address
• the name of the access provider used by the visitor

The processing of this personal data is justified in accordance with Art. 6 Paragraph 1 Clause 1 Letter f) GDPR. AMS GmbH has a legitimate interest in data processing for the purpose of

• to quickly establish the connection to the website,
• to enable a user-friendly use of the website,
• to identify and ensure the security and stability of the systems and
• to facilitate and improve the administration of the website.

The processing is expressly not carried out for the purpose of gaining information about the person visiting the website.

3.2 Information on the obligation to provide information pursuant to Art. 13 GDPR when collecting personal data from the data subject

We guarantee that we will only collect, process, store and use your data in connection with processing your enquiries, for internal purposes and to provide the services you have requested or to provide content.

Basics of data processing:
We only process users' personal data in compliance with the relevant data protection regulations. Users' data will only be processed if the following legal permissions apply:

• to provide our contractual services (e.g. processing orders) and online services
• the processing is required by law
• with your consent
• based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation and security of our online offering within the meaning of Art. 6 Para. 1 lit. f. GDPR, in particular in the measurement of reach, creation of profiles for advertising and marketing purposes as well as collection of access data and use of third-party services)

We would like to show you where the above legal bases are regulated in the GDPR:

• Consent:
  Art. 6 (1) lit. a. and Art. 7 GDPR
• Processing to fulfill our services and carry out contractual measures:
  Art. 6 para. 1 lit. b. GDPR
• Processing to fulfill our legal obligations:
  Art. 6 para. 1 lit. c. GDPR
• Processing to protect our legitimate interests:
  Art. 6 para. 1 lit. f. GDPR

We use software to maintain customer data (CRM system) or comparable software based on our legitimate interests (efficient and fast processing of user inquiries).

We operate the system in-house. This means that no data is passed on to third parties.

We would like to point out that e-mails can be read or changed during transmission without your permission or knowledge. We would also like to point out that we use software to filter unwanted e-mails (spam filter). The spam filter can reject e-mails if they have been incorrectly identified as spam due to certain characteristics.

4. Transfer of data

Data will only be passed on to third parties within the framework of legal requirements. We only pass on user data to third parties if this is necessary, for example, for contractual purposes or on the basis of legitimate interests in the economic and effective operation of our business.

If we use subcontractors to provide our services, we take appropriate legal precautions as well as appropriate technical and organizational measures to ensure the protection of personal data in accordance with the relevant legal requirements.

We would like to point out that due to the use of Google Analytics, data transmission takes place when using our website.

5. Newsletter

Newsletter data

We use the newsletter to inform you about us and our offers 2-3 times a year. If you would like to receive the newsletter, we need a valid email address from you as well as information that allows us to verify that you are the owner of the email address provided or that the owner agrees to receive the newsletter. No other data is collected or is only collected on a voluntary basis. This data is only used to send the newsletter and is not passed on to third parties.

The processing of the data entered in the newsletter registration form is carried out exclusively on the basis of your consent (Art. 6 Para. 1 lit. a GDPR). You can revoke your consent to the storage of the data, the e-mail address and their use for sending the newsletter at any time, for example via the "unsubscribe" link in the newsletter or by sending us an e-mail to The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you provide to us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted after you unsubscribe from the newsletter. Data that we have stored for other purposes (e.g. email addresses for the protected area) will remain unaffected.

6. Cookies

The website uses so-called cookies. These are data packets that are exchanged between the website server and the visitor's browser. These are saved by the device used (PC, notebook, tablet, smartphone, etc.) when the website is visited. Cookies cannot cause any damage to the devices used. In particular, they do not contain viruses or other malware. Information is stored in the cookies that is related to the specific device used. AMS GmbH cannot therefore obtain direct knowledge of the identity of the visitor to the website.

Cookies are generally accepted according to the basic settings of the browser. The browser settings can be set so that cookies are either not accepted on the devices used, or that a special notice is displayed before a new cookie is created. However, please note that deactivating cookies may mean that not all functions of the website can be used to their full potential.

The use of cookies serves to make the use of the AMS GmbH website more convenient. For example, session cookies can be used to track whether the visitor has already visited individual pages of the website. After leaving the website, these session cookies are automatically deleted.

Temporary cookies are used to improve user-friendliness. They are stored on the visitor's device for a temporary period of time. When the website is visited again, it is automatically recognized that the visitor has already accessed the page at an earlier point in time and which entries and settings were made so that they do not have to be repeated.

Cookies are also used to analyse visits to the website for statistical purposes and to improve the service. These cookies make it possible to automatically recognise on a subsequent visit that the website has already been visited by the visitor. In this case, the cookies are automatically deleted after a specified period of time.

The data processed by cookies are justified for the above-mentioned purposes in order to safeguard the legitimate interests of AMS GmbH in accordance with Art. 6 Para. 1 Sentence 1 Letter f) GDPR.

7. Analysis services for websites, tracking

The legal basis for the use of the analysis tools is Art. 6 Paragraph 1 Clause 1 Letter f) GDPR. The website analysis is in the legitimate interest of AMS GmbH and serves to statistically record page usage in order to continuously improve our website and the range of our products.

7.1. Tracking tools

The tracking measures listed below and used by us are carried out on the basis of Art. 6 Paragraph 1 Clause 1 Letter f of GDPR. With the tracking measures used, we want to ensure that our website is designed to meet your needs and is continuously optimized. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision. Identification or conclusions about you as a person are not made.

7.2 Google Analytics

We use Google Analytics, a web analysis service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are stored on users' computers and that enable an analysis of the use of the website. The information generated by the cookie about the use of this website by users is usually transferred to a Google server in the USA and stored there.

This means that data is transferred to a third country. This takes into account whether appropriate/suitable guarantees are in place and whether enforceable rights and effective legal remedies are available to you.

A copy of the appropriate guarantees can be obtained at the following links:

• Privacy Shield: https://www.privacyshield.gov/list
• Standard contractual clauses:
  http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:DE:PDF

However, if IP anonymization is activated on this website, Google will shorten the user's IP address beforehand within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. IP anonymization is active on this website. On behalf of the operator of this website, Google will use this information to evaluate the use of the website by users, to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other data held by Google. Users can prevent cookies from being saved by setting their browser software accordingly; however, this offer draws users' attention to the fact that in this case they may not be able to use all functions of this website to their full extent. Users can also prevent Google from collecting the data generated by the cookie and relating to their use of the website (including their IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

7.3 Google Maps

This site uses the Google Maps map service via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer.

We use Google Maps in the interest of an attractive presentation of our online offerings and to make the locations we specify on the website easy to find. This represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.

For more information on how user data is handled, see Google’s privacy policy:
www.google.de/intl/de/policies/privacy/.

8. Plugins and tools

YouTube

Our website uses plug-ins from the YouTube site operated by Google. The site is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.

When you visit one of our pages equipped with a YouTube plug-in, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited.

If you are logged into your YouTube account, you allow YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

YouTube is used in the interest of an appealing presentation of our online offerings. This represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.

For more information on how user data is handled, please see YouTube’s privacy policy at:
https://www.google.de/intl/de/policies/privacy.

9. Your rights as a data subject

To the extent that your personal data is processed when you visit our website, you as a “data subject” within the meaning of the GDPR have the following rights:

9.1. Right to information

You have the right to obtain information about your stored data free of charge. Upon request, we will inform you in writing in accordance with applicable law which personal data we have stored about you. This also includes the origin and recipients of your data as well as the purpose of the data processing.

Where applicable, in the case of transmission to recipients in third countries, unless there is a decision by the EU Commission on the adequacy of the level of protection pursuant to Art. 45 (3) GDPR, information on which appropriate guarantees are provided for the protection of personal data pursuant to Art. 46 (2) GDPR.

You can submit your request for information by telephone, email or, if necessary, by fax to the contact details listed at the beginning of this privacy policy (see under “1. Data protection at a glance“) informally.

9.2. Right to rectification and completion

If you discover that we have incorrect personal data about you, you can request that we correct this incorrect data immediately. If the personal data concerning you is incomplete, you can request that it be completed. You can exercise your right to correction and/or completion by telephone, email, or if necessary by fax to the contact details listed at the beginning of this data protection declaration (see under 1. Data protection at a glance) informally.

9.3. Right to erasure

You have the right to erasure (“right to be forgotten”) unless the processing is necessary for exercising the right to freedom of expression, the right to information or for compliance with a legal obligation or for the performance of a task carried out in the public interest and one of the following reasons applies:

• The personal data are no longer necessary for the purposes for which they were processed.
• The sole justification for the processing was your consent, which you have now withdrawn.
• You have objected to the processing of your personal data that we have made public.
• You have objected to the processing of personal data that we have not made public and there are no overriding legitimate grounds for the processing.
• Your personal data has been processed unlawfully.
• The deletion of personal data is necessary to fulfill a legal obligation to which we are subject.

There is no right to deletion if, in the case of lawful, non-automated data processing, deletion is not possible or only possible with disproportionate effort due to the special nature of the storage and your interest in deletion is low. In this case, the restriction of processing takes the place of deletion.

You can exercise your right to deletion by telephone, email or, if necessary, by fax to the contact details listed at the beginning of this privacy policy (see under 1. Data protection at a glance) informally.

9.4. Right to blocking

You can also have your data blocked. To ensure that your data can be blocked at any time, this data must be kept in a blocking file for control purposes.

9.5. Right to data portability

You have a right to data portability if the processing is based on your consent (Article 6 (1) sentence 1 letter a) or Article 9 (2) letter a) GDPR) or on a contract to which you are a party and the processing is carried out using automated procedures. The right to data portability in this case includes the following rights, provided that this does not affect the rights and freedoms of other persons: You can request that we receive the personal data that you have provided to us in a structured, common and machine-readable format. You have the right to transmit this data to another responsible party without hindrance on our part. If technically feasible, you can request that we transmit your personal data directly to another responsible party. You can make your request for data transfer by telephone, email, or if necessary by fax to our contact details listed at the beginning of this data protection declaration (see under 1. Data protection at a glance) informally.

9.6. Right of objection

If the processing is based on Art. 6 Para. 1 Sentence 1 Letter e) GDPR (performance of a task in the public interest or in the exercise of official authority) or on Art. 6 Para. 1 Sentence 1 Letter f) GDPR (legitimate interest of the controller or a third party), you have the right to object at any time to the processing of personal data concerning you for reasons arising from your particular situation. This also applies to profiling based on Art. 6 Para. 1 Sentence 1 Letter e) or Letter f) GDPR. After exercising your right of objection, we will no longer process your personal data.

You can object to the processing of personal data concerning you for direct marketing purposes at any time. This also applies to profiling that is associated with such direct marketing. After exercising this right of objection, we will no longer use the personal data concerned for direct marketing purposes. You have the option of submitting your objection by telephone, email, or if necessary by fax to the contact details listed at the beginning of this data protection declaration (see under 1. Data protection at a glance) informally.

Protection of your personal data

We take contractual, organizational and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are complied with and to protect the data we process against accidental or intentional manipulation, loss, destruction or access by unauthorized persons.

The security measures include in particular the encrypted transmission of data between your browser and our server.

This website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the website operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.

If SSL encryption is activated, the data you send to us cannot be read by third parties.

Your personal data will be protected in the following ways (excerpt):

• Maintaining the confidentiality of your personal data
  In order to protect the confidentiality of your personal data stored with us, we have taken various measures to control entry, entry and access.
• Maintaining the integrity of your personal data
  In order to protect the integrity of your personal data stored with us, we have taken various measures to control transmission and input.
• Maintaining the availability of your personal data
  In order to maintain the availability of your personal data stored with us, we have taken various measures to control orders and availability.

The security measures in use are continually being improved in line with technological developments. Despite these precautions, we cannot guarantee the security of your data transmission to our website due to the insecure nature of the Internet. As a result, any data transmission from you to our website is at your own risk.

9.7. Revocation of consent

You have the right to revoke your consent at any time with effect for the future. The revocation of the consent can be made by telephone, email or, if necessary, by fax to the address given under point "1. Data protection at a glance“ can be communicated informally. The revocation does not affect the legality of the data processing that was carried out on the basis of the consent until the revocation was received. After receipt of the revocation, the data processing that was based exclusively on your consent will be stopped.

9.8. Complaint

If you consider that the processing of personal data concerning you is unlawful, you can lodge a complaint with a data protection supervisory authority responsible for the place of your residence or work or for the place of the alleged infringement.

10. Russia-specific provisions

For users residing in the Russian Federation, the following applies:

The above services of our online offer are not intended for citizens of the Russian Federation who are resident in Russia.

If you are a Russian citizen residing in Russia, you are hereby expressly informed that any personal information you provide to us through this website is at your sole risk and responsibility. You further agree that you will not hold us responsible for any failure to comply with the laws of the Russian Federation.

11. Status and update of this privacy policy

This privacy statement is dated May 25, 2018. We reserve the right to update the privacy statement from time to time in order to improve data protection and/or to adapt it to changes in official practice or case law.